In the last nine years, Russia has invaded its neighbor Georgia, annexed the Ukrainian province of Crimea, supported rebels in Eastern Ukraine, interfered in the U.S. presidential election, and more. Are these actions a sign that Russia is returning to aggressive foreign policies or are they part of an entirely new direction in Russian foreign policy? The answer to this question is important for the U.S. and countries throughout the world. If these policies are a return to deep Russian tradition, it will be difficult to reverse Russian aggression.

Recently Wikileaks-published CIA documents focused on hacking smart devices, but attacks on internet video pose a much greater threat – and internet video will comprise 82 percent of all global consumer internet traffic by 2020. A Ben-Gurion University of the Negev (BGU) researcher has developed a new technique that could provide virtually 100 percent protection against cyberattacks launched through internet videos or images.

Cyber is unlike any other peril, because of its theoretical ability to affect almost any insurance class. This significantly impairs (re)insurers’ ability to allocate capital, to model losses with confidence, and, as a result, to price insurance products accurately. The gap between the available global insurance capacity and market exposure has become increasingly stark: market capacity stands at approximately $500 million, but the exposure is estimated to be more than $130 billion. Pool Re, the U.K.’s $7.3 billion terrorism reinsurance fund, wants to extend its cover to include cyberattacks on property, chief executive Julian Enoizi said.

The use of biometric data such as fingerprints to unlock mobile devices and verify identity at immigration and customs counters are used around the world. Despite its wide application, one cannot change the scan of their fingerprint. Once the scan is stolen or hacked, the owner cannot change his/her fingerprints and has to look for another identity security system. Researchers have invented a new technology called “lip motion password” (lip password) which utilizes a person’s lip motions to create a password.

New report outlines how cybercriminals have the advantage, thanks to the incentives for cybercrime creating a big business in a fluid and dynamic marketplace. Defenders on the other hand, often operate in bureaucratic hierarchies, making them hard-pressed to keep up. Attackers thrive in a fluid, decentralized market, while bureaucracy constrains defenders. Ninety-three percent of organizations surveyed have a cybersecurity strategy, but only 49 percent have fully implemented it. Nearly 60 percent of IT executives believe their cybersecurity strategy is fully implemented, while just over 30 percent of IT staff agree. Senior executives designing cyber strategies measure success differently than implementers.

Some Trump supporters have suggested that the hacking of the DNC and of the Clinton campaign was not the work of Russia’s intelligence agencies. Rather, it was a “false flag” operation carried out by the U.S. intelligence community, but which was made to look as if it was carried out by Russian intelligence. They portray Trump as a victim of the “deep state,” or permanent bureaucracy, which is hostile to the president’s agenda. Security experts say that the latest WikiLeaks’s publication of information about CIA hacking and surveillance tools – information likely given to WikiLeaks by Russian intelligence – may well be a Russian effort to make Trump’s fact-free charges, that he was “spied on” by U.S. intelligence, appear more credible.

Zero-day software vulnerabilities – security holes that developers haven’t fixed or aren’t aware of – can lurk undetected for years, leaving software users particularly susceptible to hackers. A new study from the RAND Corporation, based on rare access to a dataset of more than 200 such vulnerabilities, provides insights about what entities should do when they discover them.

DHS S&T has awarded a $7.86 million contract to Kestrel Technology, LLC of Palo Alto, California to expand the coverage capabilities of static analysis tools used to detect potential vulnerabilities in new software systems and increase developer confidence in those tools. S&T’s Static Tool Analysis Modernization Project (STAMP) addresses the presence of weaknesses in software and deals with the root problem by improving software security before it is released by the developer.

Popular with programmers the world over for its stability, flexibility, and security, Linux now appears to be vulnerable to hackers. New research found that uninitialized variables — largely overlooked bugs mostly regarded as insignificant memory errors — are actually a critical attack vector that can be reliably exploited by hackers to launch privilege escalation attacks in the Linux kernel.

The encryption codes that safeguard internet data today won’t be secure forever. Future quantum computers may have the processing power and algorithms to crack them. A new paper clarifies misunderstandings about the complex field of public key cryptography and provides a common basis of understanding for the technical experts who will eventually be tasked with designing new internet security systems for the quantum computing age.

Researchers have identified numerous vulnerabilities in multiple home, business, and industrial robots available on the market today. The vulnerabilities identified included many graded as high or critical risk, leaving the robots susceptible to cyberattack. Once a vulnerability has been exploited, a hacker could potentially gain control of the robot for cyber espionage, turn a robot into an insider threat, use a robot to expose private information, or cause a robot to perform unwanted actions when interacting with people, business operations, or other robots. In the most extreme cases, robots could be used to cause serious physical damage and harm to people and property.

General Sir Adrian Bradshaw, the Deputy Supreme Allied Commander Europe, has said that Russian cyberattacks on NATO member states could be deemed an act of war and trigger the principle of the military alliance’s collective defense. Bradshaw said reports of Russian interference in American and European elections and Russian international disinformation campaign could lead alliance leaders to broaden the definition of an “attack.” European intelligence agencies have said that Russia’s successful interference in the U.S. 2016 presidential election has emboldened Moscow to replicated in Europe the methods it used in the U.S. There is already evidence that Russia has launched a hacking and disinformation campaign aiming to help far-right, ethno-nationalist, and populist politicians win the coming elections in France, the Netherlands, and Germany.

It is the programmer’s job to enforce these privacy restrictions. Because privacy-related code is scattered throughout all the programs Facebook uses to run its systems, the programmer must be vigilant everywhere. To make sure nobody finds out where I am unless I want them to, the programmer must tell the system to check my privacy settings everywhere it uses my location value, directly or indirectly. The best way to avoid these problems is to take the task of privacy protection away from humans and entrust it to the computers themselves. We can – and should – develop programming models that allow us to more easily incorporate security and privacy into software. Prior research in what is called “language-based information flow” looks at how to automatically check programs to ensure that sloppy programming is not inadvertently violating privacy or other data-protection rules.

Ransomware generated an estimated $200 million for attackers during the first quarter of 2016, and the researchers believe it’s only a matter of time before critical industrial systems are compromised and held for ransom. Cybersecurity have developed a new form of ransomware that was able to take over control of a simulated water treatment plant. After gaining access, the researchers were able to command programmable logic controllers (PLCs) to shut valves, increase the amount of chlorine added to water, and display false readings. The simulated attack was designed to highlight vulnerabilities in the control systems used to operate industrial facilities such as manufacturing plants, water and wastewater treatment facilities, and more.

Called the “largest interconnected machine,” the U.S. electricity grid is a complex digital and physical system crucial to life and commerce in this country. Today, it is made up of more than 7,000 power plants, 55,000 substations, 160,000 miles of high-voltage transmission lines, and millions of miles of low-voltage distribution lines. This web of generators, substations, and power lines is organized into three major interconnections, operated by 66 balancing authorities and 3,000 different utilities. That’s a lot of power, and many possible vulnerabilities. The grid has been vulnerable physically for decades. Today, we are just beginning to understand the seriousness of an emerging threat to the grid’s cybersecurity.

The long view

The West’s adversaries “have become masters at exploiting the seams between peace and war. What constitutes a weapon in this grey area no longer has to go ‘bang’. Energy, cash - as bribes - corrupt business practices, cyber-attacks, assassination, fake news, propaganda and indeed military intimidation are all examples of the weapons used to gain advantage in this era of ‘constant competition,’ and the rules-based international architecture that has assured our stability and prosperity since 1945 is, I suggest therefore, threatened,” Sir Nicholas Carter, the British Army chief of staff, said last week. “The deduction we should draw from this is that there is no longer two clear and distinct states of ‘peace’ and ‘war’; we now have several forms. Indeed the character of war and peace is different for each of the contexts in which these ‘weapon systems’ are applied,” he added. “The arch exponent of this [new approach to war] is Russia…. I believe it represents the most complex and capable state-based threat to our country since the end of the Cold War. And my fellow Chiefs of Staff from the United States, France, and Germany shared this view.”

In an important new report on the challenges that Russia’s aggressive posture poses for U.S. interests in the world, and to U.S. democratic institutions and social cohesion at home, Council on Foreign Relations Senior Fellows Robert D. Blackwill and Philip H. Gordon warn that the United States has so far failed to elevate Russia’s intervention in U.S. elections to the national priority that it is. They add that the United States has neglected to respond to Russia’s intervention in a way sufficient to deter future attacks. They argue, “A wide range of additional measures is therefore needed in order to better protect U.S. society and political and electoral systems from further intervention.”

Last week, a U.S. government report outlined attacks made by Russian President Vladimir Putin on democratic institutions over nearly two decades. The report details the many ways in which the Russian government has combined Soviet-era approaches with today’s technological tools. Princeton’s Jacob Shapiro says: “While not a revelation to people who have been following the issue, the depth and intensity of Russian efforts against America’s allies in Europe are striking and well-documented in the report. While some may argue that turnabout is fair play insofar as the United States and its European allies have been aggressively pushing their vision of governance inside Russia and its allies for decades, those efforts have taken place in the context of institutions that abide by widely accepted legal norms. What is striking about the Russian effort is the extent to which it employed actors and approaches that clearly and routinely transgress Russian, international, and domestic laws in the places they operate. To me, the extralegal nature of Russian influence efforts was just striking.”

Americans continue to investigate, deliberate, and wallow in the aftermath of Russia’s rebirth of “Active Measures” designed to defeat their adversaries through the “force of politics rather than the politics of force.” Kremlin interference in the 2016 U.S. presidential election represents not only the greatest Active Measures success in Russian history, but the swiftest and most pervasive influence effort in world history. Never has a country, in such a short period of time, disrupted the international order through the use of information as quickly and with such sustained effect as Russia has in the last four years. Russia achieved this victory by investing in capabilities where its adversaries have vulnerabilities — cyberspace and social media. Putin’s greatest success through the employment of cyber-enabled Active Measures comes not from winning any single election, but through the winning of sympathetic audiences around the world he can now push, pull, and cajole from within the borders of his adversaries. Much has been learned about Russia’s hackers and troll farms in the year since the 2016 presidential election, but there remain greater insights worth exploring from a strategic perspective when looking at the Kremlin’s pursuit of information warfare holistically.

Researchers have developed a novel method to better protect Crypto Phones from eavesdropping and other forms of man-in-the-middle attacks. Crypto Phones consist of smartphone apps, mobile devices, personal computer or web-based Voice over Internet Protocol applications that use end-to-end encryption to ensure that only the user and the person they are communicating with can read what is sent. In order to secure what is being communicated, Crypto Phones require users to perform authentication tasks.